CVE-2026-4588

LOW 3.7

kalcaddle kodbox Site-level API key shareOut.class.php shareSafeGroup hard-coded key

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

8th

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-321 CWE-320
Vendor	kalcaddle
Product	kodbox
Published	Mar 23, 2026
Last Updated	Mar 25, 2026

Stay Ahead of the Next One

Get instant alerts for kalcaddle kodbox

Be the first to know when new low vulnerabilities affecting kalcaddle kodbox are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

kalcaddle / kodbox

1.64

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.352424 vuldb.com: https://vuldb.com/?ctiid.352424 vuldb.com: https://vuldb.com/?submit.775464 vulnplus-note.wetolink.com: https://vulnplus-note.wetolink.com/share/rM8GdIOvQZrw

Credits

🔍 vulnplusbot (VulDB User) VulDB